What port to block?

Discussion in 'Security Software' started by sim, Sep 30, 2003.

  1. sim

    sim Guest

    I don't want my users chatting during office hours using
    mIRC and downloading music using Kazaa and others. How can
    I block the ports used by this software?

    Can I also block web chats that use Java applets?

    sim, Sep 30, 2003
  2.

    Renegade Guest

    Blocking Kazaa is difficult at the port level because it dynamically
    searches for open ports to use. mIRC can be configured to use a range of
    ports also. You're better off relying on an application-level firewall for

    Renegade, Sep 30, 2003
  3. You need a full-featured firewall offering outbound access control.

    Even then, this can be difficult. I don't have the details at the top of my
    head--I'd recommend connecting to this newsgroup:


    and READING--use a search function to find subject headers mentioning MIRC
    and KAZAA, for example, to get some idea of how these mechanisms function
    and what the possibilities are for blocking them.
    Bill Sanderson, Sep 30, 2003
  4. You need an Internet appliance/NAT firewall that can manage outgoing traffic with a
    default block-all rule, and then you add the IP addresses of the computers and what
    ports/services you want them to have access to. Generally you need to allow outbound
    traffic for DNS UDP port 53, HTTP TCP port 80, and HTTPS TCP port 443 for Internet
    web access. TCP ports 25, 110, 119 would be needed for non-web-based email such as
    Outlook Express and newsgroups. This is a much better way than trying to figure out
    what ports to block. Depending on the size of your office LAN, you may be able to get
    by with a $110 device that can do the job. If you have much more than a couple dozen
    users, you would be better off with a higher performance device such as the Sonic
    Wall series starting around $400. If your network is a Windows 2000 domain with all
    Windows 2000 or XP Pro computers, then you could also implement IPsec filtering to do
    the job. Those unauthorized applications are a great way to get a trojan/worm/virus on
    your network. --- Steve

    http://www.dlink.com/products/?pid=65 -- An economical device that may be adequate.
    Steven L Umbach, Sep 30, 2003
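
The default block-all outbound policy described in the post above, sketched for a Linux gateway using iptables. This is an added example, not part of the original thread and not any poster's configuration; the interface names, host addresses and profile names are assumptions, while the ports are the ones the post lists.

```shell
#!/bin/sh
# Added example, not from the thread. Emits an iptables-restore ruleset for a
# Linux NAT gateway: forwarded traffic is dropped unless a listed host is
# using a listed service. Interface names and hosts are assumptions.
LAN_IF="${LAN_IF:-eth1}"   # assumed LAN-facing interface
WAN_IF="${WAN_IF:-eth0}"   # assumed Internet-facing interface

# Constructed sample inventory: "ip:profile" pairs.
HOSTS="${HOSTS:-192.168.1.10:web 192.168.1.11:web+mail}"

# Ports named in the post: DNS, HTTP, HTTPS; plus SMTP, POP3, NNTP for mail/news.
profile_ports() {
  case "$1" in
    web)      echo "udp/53 tcp/80 tcp/443" ;;
    web+mail) echo "udp/53 tcp/80 tcp/443 tcp/25 tcp/110 tcp/119" ;;
    *)        return 1 ;;
  esac
}

gen_rules() {
  echo "*filter"
  echo ":INPUT ACCEPT [0:0]"     # the gateway's own traffic is out of scope here
  echo ":FORWARD DROP [0:0]"     # default block-all for traffic crossing the gateway
  echo ":OUTPUT ACCEPT [0:0]"
  echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  for entry in $HOSTS; do
    ip=${entry%%:*}
    prof=${entry#*:}
    ports=$(profile_ports "$prof") || {
      echo "unknown profile '$prof' for $ip" >&2
      return 1
    }
    for p in $ports; do
      echo "-A FORWARD -i $LAN_IF -o $WAN_IF -s $ip -p ${p%/*} --dport ${p#*/} -m conntrack --ctstate NEW -j ACCEPT"
    done
  done
  # Log what is about to hit the DROP policy, so blocked clients show up in syslog.
  echo "-A FORWARD -i $LAN_IF -m limit --limit 6/min -j LOG --log-prefix \"egress-denied: \""
  echo "COMMIT"
}

gen_rules
```

Review the printed ruleset before loading it with `iptables-restore`, which replaces the current filter table. Anything that runs over the allowed ports still gets through.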
  5.

    S. Pidgorny Guest

    And that won't help blocking HTML chat reliably... Some organisational
    policy enforcement would be necessary.
    S. Pidgorny, Oct 1, 2003
  6. That piece needs to be in place before the electronic aids to enforcement,
    ideally--both the policy and the clear understanding that it will be
    enforced and what the sanctions are.
    Bill Sanderson, Oct 1, 2003
  7.

    Adrian Guest


    I had this problem too. Trying to stop my employees from using
    these download appz. Try Browse Control. http://www.browsecontrol.com
    It's a little different than what's already out there so it may be of

    Adrian, Oct 1, 2003
  8.

    Adrian Guest

    steven's lil shpeel... BC SO much easier

    Hey again,

    Forgot to mention... you don't have to deal with internet firewall
    blocking, port blocking, ip tables and the whole shpeel with Browse
    Control. It's REALLY cheap to buy (seriously...
    http://www.browsecontrol.com/order.htm) and so didn't cost me much to
    implement it, and it does things without dealing with the ports. It
    actually prevents the application from running. So I pull MSN onto the
    block list and then try to run it, got a friendly customisable pop-up
    that tells me that I can't use this program cause the Admin or whatever
    has blocked it...

    So this msg pops up and prevents it from opening before u see that lil
    icon on the taskbar.

    It's a good lil tool from the company it's from: www.codework.com

    we are looking into buying more software from them...

    see ya,
    Adrian, Oct 2, 2003
